× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




Jim,

To obtain a service ticket for our application from Kerberos server a TGT is required which is available only in the PC into which the user logged in using domain credentials

Is there a way the RPG program running on IBM i server can communicate to the PC and get the TGT?


On Mar 31, 2020, at 4:36 PM, midrangel@xxxxxxxxxxxxxxxxx wrote:

Rajesh:

If my understanding is correct and earlier post answered your question. You need to use the C/C++ routines called from RPG to get the application ticket. Of course the Kerberos server will need to know about that application and the permission levels in it.

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Steinmetz, Paul via RPG400-L
Sent: Tuesday, March 31, 2020 3:24 PM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Cc: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Subject: RE: RPG program - Kerberos Authentication

What are you using for your 5250 emulator.
The emulator should have a connection setting, which would include Kerberos.

Also, you would do the entire Kerberos setup, a little tedious.
Involves running several setups.

Paul

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rajesh Ravindran
Sent: Tuesday, March 31, 2020 4:20 PM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: RPG program - Kerberos Authentication

Sorry probably I forgot to mention this earlier, I already got the GSS API documentation from IBM website but it looks like to enable Kerberos authentication it requires client and server components.
In case of logging into IBM i server, 5250 emulator running on client PC acts as the client component, communicates with KDC and gets the Kerberos service ticket which is then passed on to the IBM i server

As our application is RPG based green screen application we don’t have any client component running on every local PC so I am trying to understand how to connect to KDC and get the service ticket for our application


On Mar 31, 2020, at 2:39 PM, Charles Wilt <charles.wilt@xxxxxxxxx> wrote:

https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/apis/krb5lis
t.htm

Charles

On Tue, Mar 31, 2020 at 12:10 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:

You could either invoke Java methods or - more efficiently - find the
C/C++ function interface and use that.


On Mar 31, 2020, at 1:26 PM, Justin Taylor <JUSTIN@xxxxxxxxxxxxx> wrote:

I know there are Java ways to do it, but I don't know about RPG (but
I've never looked).



-----Original Message-----
From: Rajesh Ravindran [mailto:rajesh.ravi@xxxxxxxxx]
Sent: Tuesday, March 31, 2020 11:37 AM
To: rpg400-l@xxxxxxxxxxxxxxxxxx
Subject: RPG program - Kerberos Authentication


We have RPG based application running on IBM i and it has its own
user
authentication module based on username and password, we want to
enable Kerberos authentication for our RPG green screen application.
Are there any references on how to obtain Kerberos Service Ticket
using RPG program

Please note we have already enabled Kerberos authentication for IBM
i
server login using NAS and EIM setup. As our product customers won’t
have separate IBM i user profile for each user (shares same IBM i
user profile for all users) we are trying to map the windows domain
username which is unique for each user to our application username
--
This is the RPG programming on IBM i (RPG400-L) mailing list To post
a message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list To post
a message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a
message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.